Total
7608 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-18454 | 1 Bycms Project | 1 Bycms | 2024-11-21 | 6.0 MEDIUM | 6.8 MEDIUM |
| Cross Site Request Forgery (CSRF) vulnerability in bycms v1.3 via admin.php/systems/index/module_id/70/group_id/1.html. | |||||
| CVE-2020-18418 | 1 Feifeicms | 1 Feifeicms | 2024-11-21 | N/A | 8.8 HIGH |
| A Cross site request forgery (CSRF) vulnerability was discovered in FeiFeiCMS v4.1.190209, which allows attackers to create administrator accounts via /index.php?s=Admin-Admin-Insert. | |||||
| CVE-2020-18416 | 1 Jyuu | 1 Jymusic | 2024-11-21 | N/A | 6.8 MEDIUM |
| An cross site request forgery (CSRF) vulnerability discovered in Jymusic v2.0.0.,that allows attackers to execute arbitrary code via /admin.php?s=/addons/config.html&id=6 to modify payment information. | |||||
| CVE-2020-18409 | 1 Catfishcms Project | 1 Catfishcms | 2024-11-21 | N/A | 6.8 MEDIUM |
| Cross Site Request Forgery (CSRF) vulnerability was discovered in CatfishCMS 4.8.63 that would allow attackers to obtain administrator permissions via /index.php/admin/index/modifymanage.html. | |||||
| CVE-2020-18326 | 1 Intelliants | 1 Subrion Cms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Cross Site Request Forgery (CSRF) vulnerability exists in Intelliants Subrion CMS v4.2.1 via the Members administrator function, which could let a remote unauthenticated malicious user send an authorised request to victim and successfully create an arbitrary administrator user. | |||||
| CVE-2020-18265 | 1 Simple-log Project | 1 Simple-log | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Cross Site Request Forgery (CSRF) in Simple-Log v1.6 allows remote attackers to gain privilege and execute arbitrary code via the component "Simple-Log/admin/admin.php?act=act_add_member". | |||||
| CVE-2020-18264 | 1 Simple-log Project | 1 Simple-log | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Cross Site Request Forgery (CSRF) in Simple-Log v1.6 allows remote attackers to gain privilege and execute arbitrary code via the component "Simple-Log/admin/admin.php?act=act_edit_member". | |||||
| CVE-2020-18198 | 1 Pluck-cms | 1 Pluck | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Cross Site Request Forgery (CSRF) in Pluck CMS v4.7.9 allows remote attackers to execute arbitrary code and delete specific images via the component " /admin.php?action=images." | |||||
| CVE-2020-18195 | 1 Pluck-cms | 1 Pluck | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Cross Site Request Forgery (CSRF) in Pluck CMS v4.7.9 allows remote attackers to execute arbitrary code and delete a specific article via the component " /admin.php?action=page." | |||||
| CVE-2020-18157 | 1 Metinfo | 1 Metinfo | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Cross Site Request Forgery (CSRF) vulnerability in MetInfo 6.1.3 via a doaddsave action in admin/index.php. | |||||
| CVE-2020-18151 | 1 Thinkcmf | 1 Thinkcmf | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| Cross Site Request Forgery (CSRF) vulnerability in ThinkCMF v5.1.0, which can add an admin account. | |||||
| CVE-2020-18129 | 1 Eyoucms | 1 Eyoucms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| A CSRF vulnerability in Eyoucms v1.2.7 allows an attacker to add an admin account via login.php. | |||||
| CVE-2020-18124 | 1 Indexhibit | 1 Indexhibit | 2024-11-21 | 4.0 MEDIUM | 5.7 MEDIUM |
| A cross-site request forgery (CSRF) vulnerability in Indexhibit 2.1.5 allows attackers to arbitrarily reset account passwords. | |||||
| CVE-2020-18123 | 1 Indexhibit | 1 Indexhibit | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| A cross-site request forgery (CSRF) vulnerability in Indexhibit 2.1.5 allows attackers to arbitrarily delete admin accounts. | |||||
| CVE-2020-17901 | 1 Pbootcms | 1 Pbootcms | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| Cross-site request forgery (CSRF) in PbootCMS 1.3.2 allows attackers to change the password of a user. | |||||
| CVE-2020-16610 | 1 Hoosk | 1 Hoosk | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| Hoosk Codeigniter CMS before 1.7.2 is affected by a Cross Site Request Forgery (CSRF). When an attacker induces authenticated admin user to a malicious web page, any accounts can be deleted without admin user's intention. | |||||
| CVE-2020-16256 | 1 Winstonprivacy | 2 Winston, Winston Firmware | 2024-11-21 | 9.3 HIGH | 8.8 HIGH |
| The API on Winston 1.5.4 devices is vulnerable to CSRF. | |||||
| CVE-2020-16253 | 1 Pghero Project | 1 Pghero | 2024-11-21 | 5.8 MEDIUM | 8.1 HIGH |
| The PgHero gem through 2.6.0 for Ruby allows CSRF. | |||||
| CVE-2020-16252 | 1 Field Test Project | 1 Field Test | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| The Field Test gem 0.2.0 through 0.3.2 for Ruby allows CSRF. | |||||
| CVE-2020-16208 | 1 Redlion | 4 N-tron 702-w, N-tron 702-w Firmware, N-tron 702m12-w and 1 more | 2024-11-21 | 9.3 HIGH | 8.8 HIGH |
| The affected product is vulnerable to cross-site request forgery, which may allow an attacker to modify different configurations of a device by luring an authenticated user to click on a crafted link on the N-Tron 702-W / 702M12-W (all versions). | |||||